' ' lilillililliillllllliiiilliilll 

US006308265B1 

(12) United States Patent (lo) Patent No.: us 6,308,265 Bl 

Miller (45) Date of Patent: Oct. 23, 2001 



(54) PROTECTION OF BOOT BLOCK CODE 

WHILE ALLOWING WRITE ACCESSES TO 
THE BOOT BLOCK 

(75) Inventor: Gregory L. Miller, Pordand, OR (US) 

(73) Assignee: Phoenix Technologies Ltd., San Jose, 
CA(US) 

( * ) Notice: Subject lo any disclaimer, the term of this 
patent is extended or adjusted under 35 
U.S.C. 154(b) by 0 days. 

(21) Appl. No,: 09/163,360 

(22) FUed: Sep. 30, 1998 

(51) Int. Cl.^ G06F 15/177 

(52) U.S. CI 713/2; 710/10; 711/162; 

714/6 

(58) Field of Search 713/2, 1; 710/10; 

714/6, 15; 711/162 

(56) References Cited 

U.S. PATENT DOCUMENTS 

5,269,022 * 12/1993 Shinjo et al 395/700 

5,568,641 * 10/1996 Nelson et al 395/700 

5,918,047 ♦ 6/1999 Leavitt et al 713/2 

5,960,445 * 9/1999 Tamori et al 707/203 

5,960,460 ♦ 9/1999 Marasco et al 711/162 



5,974,544 ♦ 10/1999 Jeffries et al 713/1 

6,018,629 1/2000 Tojima 395/712 



FOREIGN PATENT DOCUMENTS 



0 723 226 
0 803 812 



7/1996 
10/1997 



(EP). 
(EP). 



cited by examiner 



Primary Examiner—Thom&s Black 
Assistant Examiner — Mary Wang 



(57) 



ABSTRACT 



An apparatus and a method for protecting boot block code 
while allowing updating to BIOS code during a flash BIOS 
operation. The boot block code is stored in a boot block or 
boot region of a flash pari, and then a copy of the boot block 
code is written into another region of the flash part. The 
image of the boot block code in the another region is 
compared with the boot block code in the boot block, and if 
there is a match, the boot block region is unprotected, 
thereby allowing an update of code in the boot block. The 
boot block code of the flashed-in BIOS image in the boot 
block region is compared with the copy of the boot block 
code in the another region, and if there is a match, the code 
in the boot block region is protected. If there is not a match 
or if a power failure occurs, the system is booted up using 
the boot block code in the another region. 

19 Claims, 3 Drawing Sheets 
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PROTECTION OF BOOT BLOCK CODE do not provide a means for erasing the boot block region in 

WHILE ALLOWING WRITE ACCESSES TO order to protect the integrity of the recovery code, Conyen- 

THE BOOT BLOCK tional flash parts or memories are non-symmetrical, in a 

sense that they are designed with different -sized segments. 

BACKGROUND OF THE INVENTION s Data is written into such memories on a scgmcnt-by- 

segment basis. For example, there may be two 8- Kbyte 

1. Field of the Invention segments, one 16-Kbyte segment, one 32-Kbyte segment, 
The present invention relates to the protection of the boot and a pluraUty of 64- Kbyte segments. One of the 8-Kbytc 

block or the BIOS recovery region, while allowing write segments may contain infonnation on the manufacturer 

accesses to that same region. In particular, the present (e.g., name of manufacturer, model number of PC, etc.). The 

invention relates to the preservation of certain code or daU 16-Kbyte segment may contain the protected boot block 

within a "protected" segment, while also allowing for code, and the other segments contain other data, such as 

updates of other code that is also stored in the same segment. updatable BIOS code or the like. Data in a segment can only 

f*uoi*jA^ be updated by erasing the entire contents of the segment to 

2. Descnption of the Related Art ^ / n «n» »\ a tu u. 

^ create a blank segment (e.g., all "0 s ), and then by writing 

When a computer, such as a personal computer (PQ, is is data into the blank segment, 

switched off, the computer typically loses the contents of its ^^^^ accessing any particular segment of a 

working main memory that it accesses. When the computer memory is known to those of ordinary skill in the art. For 

is restarted, or booted up, all drives and components example, one way of accessing a particular segment for 

accessed by the PC have to be reinitialized. rewriting is for the user to provide a special erase command 

This reinitiaUzation is performed by the Basic Input/ 20 byte to any address location in the particular segment that is 

Output System, or BIOS. The BIOS includes system pro- to be updated. This special erase command byte is provided 

grams for the basic input and output operations, and pro- at the same time a Write Enable pin of the memory is 

vides the software interface to the PC hardware. Typical enabled, such as by providing the proper voltage Vpp (5 

BIOS functions provide access to the floppy disk, hard disk volts or the like) to that pin. Once this has been performed, 

drives, interfaces, and graphics adapters. Anonvolatile stor- 25 the particular segment is erased A similar process is then 

age (NVRAM), usuaUy a EPROM/Flash RAM, stores the perfonned to aHow a wriUng to the particular segment (e.g., 

mriQ f K th PPT r providmg a special write command byte to the particular 

blU5 tor use Dy me cru. segment while enabling the Write Enable pin). Other ways 

Random access memory (RAM), including the NVRAM selecting a particular segment of memory for erasing and 

discussed above and the central processmg umt (CPU), are rewriting are known, and vary from manufacturer to manu- 

included on the motherboard. The CPU is connected to a facturer 

keyboard, by which a user enters data or commands. To ^ containing the boot block code in 

display such inputs visuaUy, the CPU is also connected to a ^^^^^g^^ ^^^^^ ^^^^^^^^ 

graphics adapter, which accepts the data to display, and ^ rewriting). Tlie purpose of the 

processes the data so that it can be displayed on a momtor ^^^^ ^^^^ the 16-Kbyte segment that holds it is that, 

or display. ^ ^ where a BIOS image is updated (flashed) and 

The motheri5oard also includes memory that stores pro- p^^^^ ^ ^^^^ j^^g jjiat process, the BIOS image that is read 

grams and data that the PC needs at power-up, because the ^^^^ ^^^^ ^^^^^ to boot from the bad 

PC loses the contents of its mam memory when it is powered 3JQ3 ^^^^^ ^^^^ ^ble to do so due to the 

down. The CPU reads the programs in the memory, and ^^^j^y gjQg -^^^^ However, by having recovery code 

executes them at power-up. In the memory there are vanous p^^^^j ^ ^^^^^ ^lock that cannot be overwritten, the boot 

support routines for accessing the keyboard, the graphics ^^^^^^ ^^^^^ ^^-^^^ ^ executed every time the PC is powered 

adapter, etc., which are collectively known as the ROM- includes code to determine whether the BIOS image is 

BIOS or BIOS, noted previously. ^^^d. If the BIOS image is correct, then the boot block code 

Graphics adapter cards typically have their own ROM- g^ip recovery process code incorporated therein, and 

BIOS, by which the CPU on the motherboard calls the allow control to be passed to the BIOS image so as to 

corresponding program in the ROM-BIOS of the graphics allow the BIOS image to be executed, 

adapter card via a bus interface (e.g., RS-232C). gjos image is bad, which can be determined during 

When it becomes necessary to add support for a new execution of the boot block code by the performance of a 

feature, functionality or just fix a bug, most systems allow 50 simple check sum on the BIOS image, for exanple, then the 

one to "flash" the BIOS, so as to allow for an updated BIOS boot block code will not allow the BIOS image to be 

to be written into the PC's NVRAM. Once the BIOS is executed. Instead, it will execute a recovery process. In the 

flashed, the PC uses the updated BIOS, which has now been recovery process, the BIOS image will be rewritten, such as 

written over the older BIOS. by the boot block code retrieving a BIOS image stored in a 

Upon reset, the PC starts executing a block where the boot 55 floppy disk inserted into a disk drive of the PC. The boot 

block code resides. In most systems, the region containing block code then checks the updated BIOS image and pro- 

the boot block area is write protected and cannot be ceeds as explained above. 

overwritten, and provides the code that the PC executes Nonsymmetrical flash parts or memories arc typically 

upon power up or reset. The boot block code typically ranges more expensive to manufacture than symmetrical flash parts, 

from about 8 Kbytes up to 32 Kbytes. It is a subset of the go That is, a flash part having only multiple 64-Kbytc segments 

BIOS and is suflBcient to read the floppy drive, and write to is cheaper to manufacture than a flash part having multiple 

the flash part. The boot block code can be considered to be 64- Kbyte segments, one or more 16-Kbyte segments, and 

a self-contained "miniBIOS" with enough code so as to read one or more 8-Kbyte segments. However, since the boot 

the new BIOS image off a floppy or the like, and write that block code cannot be overwritten, having a 16-Kbyte seg- 

image to the flash part, 65 ment that can be provided for just the boot block code 

The boot block code in conventional PCs is protected (which typically is around 16 Kbytes in size) is usefiil, since 

from overwriting. Motherboard manufacturers, in general, that way no wasted memory space occurs. 



02/26/2004, EAST Version: 1.4,1 



us 6,3( 

3 

In particular, since the boot block code cannot easily be 
erased and then rewritten, if the boot block code was 
provided in a larger segment, such as a 64- Kbyte segment, 
then thai segment would also have to include other code that 
cannot be erased and then rewritten so as to make maximum 
utilization of the available memory space. Alternatively, the 
remaining space of the 64-Kbyte boot block segment cotild 
remain blank and thus unutilized. Thus, if the boot block 
code was 16 Kbytes in size, then the other 48 Kbytes of the 
64 Kbyte boot block segment would either have to be 
unutilized (e.g., blank), or provided with code that cannot be 
updated. 

In a sense, the boot block code may be considered to be 
the non-updatable portion of the BIOS code. The BIOS code 
that is updatable is typically placed contiguously with the 
non-updatable boot block code. While there may be portions 
of the BIOS code that are not updated very often, such as 
information on video drivers or logos to be displayed at 
power up, it may be desirable to update even that code from 
time to time. However, this is not a problem with asym- 
metrical flash parts, in which the boot block segment is sized 
to hold the boot block code, and not much else. 

SUMMARY OF THE INVENTION 

An object of the present invention is to provide a method 
for protecting the flash recovery code that formerly resides 
in a protected boot block segment of a non-symmetrical 
flash part. 

The above-mentioned object and other advantages of the 
present invention may be achieved by a method of protect- 
ing boot block code while allowing an update to other code 
or data residing in the same block. The boot block code and 
the other code or data are stored in a first writable segment 
of a flash memory that is usually set to a protected non- 
writable state. The method includes a step of copying all data 
stored in the first writable segment of the memory into a 
second writable segment of the memory. The method also 
includes a step of validating the copied data in the second 
writable segment of the memory. The method further 
includes a step of setting the first writable segment to a 
non-protected, writable state. The method still further 
includes a step of erasing all data stored in the first writable 
segment. The method also includes a step of updating the 
first writable segment with updated code or data, the updated 
code or data including boot block code. The method further 
includes a step of comparing the boot block code stored in 
the first writable segment with the boot block code stored in 
the second writable segment. If the comparison is such that 
the boot block codes stored in the first and second rewritable 
segments are identical, the method includes a step of setting 
the first rewritable segment to the protected, non-writable 
state. 

The above-mentioned object and other advantages may 
also be achieved by an apparatus for providing protection for 
boot block code used to boot up a computer. The apparatus 
includes a segmented memory having a plurality of writable 
segments, one of the segments being a segment in which the 
boot block code is stored, another of the segments being a 
segment in which a copy of the boot block code is stored. 
The apparatus also includes a storage element for storing a 
state of a flag, the state being indicative of whether the boot 
block code is to be executed from the one of the segments 
or from the another of the segments when the boot up of the 
computer is performed. 

BRIEF DESCRIPTION OF THE DRAWINGS 

The above-mentioned objects and advantages of the 
invention will become more fully apparent from the follow- 
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ing detailed description when read in conjunction with the 
accompanying drawings, with like reference numerals indi- 
cating corresponding parts throughout, and wherein: 

FIG. 1 shows a configuration of an asymmetrical flash 
5 part used to store boot block code for conventional PCs; 

FIG, 2 shows a configuration of a symmetrical flash part 
that can be used to store boot block code according to the 
present invention; 

FIG. 3 is a flow chart of a method of protecting boot block 
code while allowing updating of BIOS code according to the 
present invention; and 

FIG. 4 shows a circuit for reading boot block code from 
a second region of a symmetrical flash part instead of from 
a first region, in accordance with the present invention. 

DETAILED DESCRIPTION OF THE 
PREFERRED EMBODIMENT 

The present invention will be described in detail below in 
^ connection with the accompanying figures. FIG. 1 shows the 
configuration of an asymmetrical flash part that is used in 
conventional PCs to hold the boot block code and other code 
or data, such as rewritable BIOS code. In FIG. 1, the boot 
block code is stored in a segment 0 of an asymmetrical flash 
memory 100. The segment 0 has a storage capacity of 16 
Kbytes. The segment 0 is locked down or protected, and 
cannot be overwritten after the boot block code has been 
written into the first segment 0 at manufacture of the 
asymmetrical flash memory 100. That way, the boot block 
code's integrity is preserved at all times. 

FIG, 1 also shows another segment 1 of the asymmetrical 
flash memory 100. The segment 1 has a storage capacity of 
8 Kbytes. FIG. 1 further shows yet another segment 2 having 
a storage capacity of 8 Kbytes. Manufacturer-specific infor- 
35 mation (e.g., logo, name of manufacturer, etc.) is typically 
stored in the third segment. The asymmetrical flash part 100 
also includes a plurality of 64-Kbyte segments 4, 5, ... N, 
in which other code or data is stored. Unlike the boot block 
or boot segment 0, the other segments can be written to so 
as to update the code or data stored in those segments. As a 
result, a current BIOS image stored in the asymmetrical flash 
memory 100 can be updated or flashed with a new image. 
However, the boot block image in the first segment cannot 
be updated. 

45 A CPU of a PC accesses the boot block code as follows. 
The BIOS is stored in a memory, such as an EPROM, 
located on the motherboard. The EPROM corresponds to the 
asymmetrical flash part 100 discussed above. The CPU 
accesses the boot block code directly fi-om the EPROM. 

50 When the PC is first powered on or upon resetting of the PC, 
the power-on sequence causes the CPU to be hardwired to 
the uppermost 4-Gbyte region of the CPU's address range of 
the EPROM. For example, for current INTEL processors, 
upon power on, the CPU starts to execute code at address 

55 location FFFFFFFO;,^, which is near the end of the 4 Gbyte 
region. Usually, the first instruction at FFFFFFFO^^ is a 
jump to another address in the 4 Gbyte region, where the 
boot block code resides. As explained previously, the boot 
block code will perform a check sum or other validation 

60 procedure on the BIOS code to determine whether the BIOS 
code is operable. If it is operable, then the boot block code 
provides a jump to the BIOS code. If the BIOS code is 
inoperable (e.g., check sum failed), then the boot block code 
will execute a recovery process to force the user to write in 

65 a new BIOS image, which is flashed into the EPROM. 
The boot block code typically goes into a recovery mode 
for any of the following reasons: a) the check of the BIOS 
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image (e.g., check sum) reveals that the BIOS image is boot-blodc-in-progress flag in the preseat invention, and 
faulty, b) a jumper is placed (by the user) such that the may be a hardware sticky bit or the like. The boot-block- 
recovery process is initiated, or c) a jumper plug is placed in in -progress flag provides an indication that an updating of 
the paraUcl port of the PC, again causing the recovery the BIOS is being performed. Such a flag may be set by way 
process to be initiated. 5 being set in a latch or flip-flop, for example, whereby 

. iflu . -im.u. ifa power failure occurs, that bit would stUl be in the set 

no. 2 shows a symmetncal flash part or memory 220 that ^^^^^ ^ ^^^^^ 

can be used m accordance with the present invention. Hic g ^ 3^^^^ CPU will 

symmetncal flash part 220 includes a plurality of equal- ^^^^ backup boot block image in the second 

sized regions 200-1, 200-2, . . . , 200-N. In the preferred region, and not from die boot block image in the first region, 

embodiment, each region has a storage capacity of 64 10 ^ ^^^^ ^^^^ ^^^^ ^^^.^^ 

Kbytes. The boot block code, which corresponds to a tected state. The first region was in a protected state prior to 

non-updatable part of a BIOS image, and which has a size ^^^^ jhe setting of the boot block to the unprotected 

of 16 Kbytes, for example, is stored in the first region 200-1. ^^^^^ ^^^y allowed in conventional memory devices. 

Other code or data, such as an updatable part of the BIOS is allowed in the symmetrical flash part according to the 
image, can be stored in the first region 200-1, along with the 15 ^^^^^^ invention. That is the system and method according 

boot block code. The updatable part of the BIOS image is jj^e present invention allows for the setting of each region, 

lypicaUy of large enough size so that part of it must also be including the boot block or boot region, of the symmetric 

stored in the second region 200-2. In other words, the Q^sh part to either an unprotected or protected state. This 

updatable part of the BIOS image is typically greater than 48 getting may be done, for example, by applying a proper 

Kbytes. The method of writing an updated BIOS image 20 ^^^^^^^ 5 ^^^^^ external pin for the symmetrical 

according to the present invention is applicable to symmetri- p^rt 

cal flash parts, and will be described in detail below ^ ^^^^ 34^^ contents of the first region are 

In any flash part, a region is written to by erasing the erased. One way of erasing the contents of a region of a flash 

entire data in the region, and then writing to the region. part has been explained previously. Of course, other ways 

Thus, for a 64- Kbyte region, the entire 64-Kbyt6 region is that are known to those skilled in ±e art may also be utilized, 

erased, and then updated with the new data. Accordingly, if ^ sixth step 350, the contents of the first region are 

one desires to update a BIOS image, where part of the BIOS updated with a new image. The hew BIOS image may be 

image is stored in a same region as the boot block code, a obtained from a floppy disk loaded into a floppy drive of the 

scheme must be developed which aUows the updating of the p^^ example. The new BIOS image includes both the 

BIOS image, while protecting the boot blodc code that is ^^^^ b^pck code that corresponds to the non-updatable BIOS 

also stored in the same region. ^ode, as well as the updatable BIOS code. 

FIG. 3 is a flow chart describing the method according to jjj ^ seventh step 360, a comparison is made between the 

the present invention. Such a method is . applicable to a contents of the first and second regions of the symmetrical 

symmetrical flash part, in which boot block code (say of 16 flastj part. In particular, a comparison is made as to whether 

Kbyte size) is stored in a first region of the flash part, and xht contents of the boot block code of the flashed-in image 

with a beginning portion (say the first 48 Kbytes) of updat- within the first region is exacfly the same as the copied boot 

able BIOS code also stored in the first region. For case in ^lock code within the second region. This comparison may 

explanation and not by way of limitation, the first region 5^ jone as a byte-by-byte compare, or by checking a check 

(segment) and all other regions (segments) of the symmetri- sum value of the boot block image in both the first and 

cal flash part have a size of 64 Kbytes. In the example, the second regions, or by other ways known to those skilled in 

remaining portion of the BIOS code is stored in a second the art to compare data stored in different regions of a 

region contiguous (in a memory addressable sense) with the memory device. 

first region. [f the comparison performed in the seventh step 360 
In a first step 300, the entire 64-Kbyte block of the first 45 results in a match between the boot block codes in the first 

region, in which the boot block code is stored, is copied to and second regions, the method proceed to an eighth step 
another region, such as, by way of example, the second • 370. If there is not a match, due to a bad writing of the new 

region, thereby overwriting the contents of the second BIOS image to the first region, for example, the method goes 

region. In this example, assume that the first region has a back to the fifth step 340, in which the erasing of the first 
memory address range of from FFFFFOOO^,^ to FFFFFFFF- jq region and the writing to the first region is U*ied again. In the 

Further, assume that the second region has a memory present invention, a counter (not shown) may be utilized to 

address range of from FFFFEOOO;,^ to FFFFEFFFF;^^. In count the number of times in which the comparison per- 

the first step 300, the boot block code (non-updatable BIOS formed in the seventh step 360 results in a non-match. When 

image), as well as a portion of the updatable BIOS image, the counter reaches a fixed value, say, for example, four, then 
are copied from the first region to the second region of the 55 the method according to the invention would jump to a step 

symmetrical flash part. in which the boot block image in the second region is written 

In a second step 310, the images of the first and second back to the first region, and in which no further rewrites of 
regions are compared, in order to provide a validation of the * the first region are allowed. This jump out of the BIOS 

copy to the second region. In the preferred embodiment, this updating process will occur after several unsuccessful 

comparison is done as a byte-by-byte compare. The second attempts at writing a BIOS image into the symmetric flash 

step 310 is made to ensure that the copy to the second region part. In such an instance, the user will be informed of the 

has been made correctly, and thus to ensure that the copy of problem by a message provided on the monitor, for example, 

the boot block code in the second region is exactly the same and will have to take appropriate steps (e.g., obtain another 

as the boot block code in the first region. floppy disk containing the flash BIOS) so as to try again at 

If the validation has been confirmed, then, in a third step 65 a later point in lime. 

320, a flag is set to provide an indication that the boot block If the comparison in the seventh step 360 is successful, 

(first region) is being updated. Such a flag is called a then the eighth step 370 is performed. In the eighth step 370, 
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the first region is set to the proleaed Slate. This may be done, not automatically perform a reboot from the copied boot 

for example, by applying a proper voltage (e.g., 0 volts) to block code in the second region, the user must physically do 

a particular pin of the symmetric flash part. something to cause the CPU to retrieve the uocomipted boot 

In a ninth step 380, the boot-block-in-progress flag, which ^'^^^^^ *^lf ^ °PP^^^ ^ P?^*'^^' 
was set in the third step 320, is reset (e.g., to "0'% With the 5 corrupted boot block code m the first region. Tlie user 

^, , . o . .u nun J . normally would be provided with msu^ctions pnor to per- 

boot-block-m-progress flag reset the PC will be allowed lo fo^^/^j,, BIOS fl^h operation, which would warn hii^ or 

boot up from the boot block code m the first region. j^^^ ^^^^^ ^ ^^^^ f^l^^^ ^j^^^g BIOS 

In a tenth step 390, the contents of the second region are updating, the user must provide a jumper to a particular 

erased. In an eleventh step 395, the contents of the second location on the motherboard, so as to cause the A16 address 

region are updated with new data This new data may liae inversion. The instructions may alternatively instruct 

correspond to the data that was previously stored in the to call a technical support representative, who 

second region prior to the BIOS code updating (if it was would provide the necessary instructions to the user so that 

properly copied to another section of memory previously), the user can properly place a jumper (e.g., a wire) in the 

or more likely the updating is performed using the remaining proper place on place motherboard. With the jumper in 

portion of the new BIOS code that has been written into the place, the CPU will be executing code at a part, which it 

first region, thinks is the first region, but in fact is the second region of 

As explained earlier, the BIOS code typically is of a size the flash p Once the CPU has rebooted and the BIOS image 

that is more than one 64-Kbytc segment, and so that when has been properly written into the first region, then the user 

the BIOS is updated, the contents of the first and second can remove the jumper. 

regions of the symmetric flash part will need to be updated. Thus, as explained above, if the ninth step has not 

In the event that the ninth step 380 has not been successfuUy completed and if the PC hardware does not 

completed, due, for example, to a power failure occurring automatically perform an address line swap based on the 

sometime during execution of the third through eighth steps, boot-block-in-progress flag being in the set sUtc when a 

the boot block code may be unstable or unusable. If this 25 operaUon is initialed, then a recovery jumper can be 

happens, the backup boot block image in the second region used to swap an address line A16, to thereby relocate the 

is used to recover the contents of the first region. In this physical address FFFFEOOO^^^ to FFFFFOOO;^. The system 

situation, the boot-block-in-progress flag is stiU in the set will then boot using the copied boot block image in the 

state upon reboot of the PC. In the preferred embodiment, second region, and a recovery process can then take place to 
the PC hardware is configured to provide an address line 30 rewrite the image in the first region. With the recovery 

swap for address line A16, which corresponds to the 16'^- jumper in place, which is physically placed on the mother- 

from-the-least-significant address line. For example, for a board by a user, only updates to the first region can occur as 

32-bit address line, the least significant bit of the address line long as the recovery jumper is enabled. As a result, the 

is designated as AO, the next-to-the-least significant bit of backup boot block image in the second region is protected 
the address line is designated as Al, . . . , and the most 35 until the recovery jumper is removed, 

significant bit of the address line is designated as A31. If the The present invention provides an apparatus and a method 

boot-block-in-progress flag is in a set state when a reboot is to protect the in itcgrity of the boot block code such that it 

being performed, the address line A16 will be inverted so is always recoverable in the event that a bad BIOS image or 

that the boot block code will be retrieved from a physical power outage occurs during a BIOS flash or update, 
address region starting from address location FFFFEOOOO;^^ 40 While a preferred embodiment has been described herein, 

(start of second region) rather than from FFFFFOOOO;^.^ modification of the described embodiment may become 

(start of first region). This configuration of the PC hardware apparent to those of ordinary skill in the art, fo flowing the 

can be made such that an inverter is enabled in the address teachings of the invention, without departing from the scope 

line A16 only when the boot block-in-progress flag is in the of the invention as set forth in the appended claims. For 
set state during a boot operation. FIG. 4 show such a 45 example, while the present invention was described with 

configuration, in which a 2:1 switch 410 is used together reference to boot block code has a size of about 16 Kbytes, 

with an inverter 420, whereby when the boot-block- in- the present invention is equally applicable to other sizes of 

progress flag value 430 is in a set state during the boot boot block code, such as 8 Kbytes or 32 Kbytes, for 

operation, the switch 410 is configured to send the address example, which can be stored in a symmetrical flash part that 
line A16 through the inverter, but to bypass the inverter 420 50 has equal-sized segments that are larger than the size of the 

when the boot-block-in-program flag value 430 is in a reset boot block code, 

state. The boot-block-in-progress flag value 430 is provided Furthermore while the present invention was described 

to a control input of the switch 410, thereby causing the with reference to the copy of the boot block code (and other 

switch 410 to be in one of its two possible states based 00 code in the first region of the flash part) being copied to a 
the current state of the boot-block-in-progress flag value 55 neighboring second region of the flash part, that copy may 

430. An important feamre of the boot-block-in-progress flag instead be placed in any other particular region of the flash 

value 430 is that the value is preserved even when a power part, such as the tenth 64-Kbyte segment. In that instance, if 

down of the PC occurs. That way, when a reboot is ^ failure occurs during the BIOS updating, the CPU would 

performed, boot-block-in-progress flag value 430 is main- have to retrieve the copied boot block image for a next 

tained in the same slate as existed prior lo the power down, booting operation from the tenth 64-Kbyte segment of the 

and can provide for the correct execution of a booting flash part. Thus, the address line swap would have to be 

process based on whether the value is set or reset. configured to retrieve the boot block code for the CPU from 

If no hardware exists in the PC to physically cause a the tenth segment, instead of from the first segment, 

change in the booting address, such as by not having the What is claimed is: 

structure of FIG. 4, then the user must be informed to 65 LA method of protecting first boot block code and 

perform a particular procedure if a problem occurs during a aUowing an update to other code or data residing in a same 

BIOS flash operation. In that instance, since the CPU will segment or region as the first boot block code, wherein the 
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first boot block code and the other code or data is stored in 
a first writable segment of a memory that is initially set to 
a protected non-writable state, the method comprising the 
steps of: 

a) copying all information stored in the first writable 
segment of the memory into a second writable segment 
of the memory; 

b) validating the copied information in the second writ- 
able segment of tbe memory; 

c) setting the first writable segment to a non-protected, 
writable state; 

d) erasing all information stored in the first writable 
segment; 

c) updating the first writable segment with updated code 
or data, the updated code or data including second boot 
block code; 

0 comparing the second boot block code stored in the first 
writable segment with the first boot block code stored 
in the second writable segment; 

g) if the comparison in step f) is such that the second and 
first boot block codes respectively stored in the first and 
second rewritable segments are identical, setting the 
first rewritable segment to the protected, no n- writable 
stale. 

2. The method according to claim 1, her comprising the 
steps of: 

h) between steps b) and c), setting a boot-block-update 
flag; and 

i) after the step g), resetting the boot-block-update flag, 
wherein, if a reboot occurs while the boot-block-update 
flag is set, the computer is initialized using the first boot 
block code stored in the second rewritable segment and 
not from the second boot block code stored in the first 
rewritable segment. 

3. The method according to claim 1, wherein the first and 
second rewritable segments are segments of a symmetrical 
flash memory which has only same-sized segments. 

4. The method according to claim 1, wherein the first and 
second rewritable segments are rewritable by erasing aU 
contents of the respective first and second segments, and 
then writing information to the respective erased first and 
second segments. 

5. The method according to claim 1, wherein the validat- 
ing step b) is performed by a byte-by-byte compare of 
information in the first and second segments. 

6. The method according to claim 1, wherein the validat- 
ing step b) is performed by a check sum compare of 
information in the first and second segments. 

7. The method according to claim 1, further comprising 
the steps of: 

h) setting a flag to a set state after the step after the 
validating step b) has successfully completed, the flag 
being initiaUy in a reset state; and 

i) setting the flag to the reset state after the step f) has 
successfully completed, 

wherein, if a reboot occurs when the flag is in the reset 
state, the reboot will occur using the first boot block 
code stored in the second writable segment and not the 
second boot block code stored in the first writable 
segment. 

8. The method according to claim 1, wherein the code or 
data stored with the boot bock code is BIOS code, and 
wherein the updated code or data is updated BIOS code that 
replaces the BIOS code. 

9. An apparatus for providing protection for boot block 
code, comprising: 
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a memory that consists of a plurality of segments includ- 
ing at least two equal sized segments, each of the 
segments being capable of being erased and rewritten 
to, wherein the boot block code is stored in a first of the 
equal sized segments along with other data stored in 
said first of the equal sized segments, and a copy of at 
least the boot block code in the first of the equal sized 
segments to be copied to a second of the equal sized 
segments, and 

a processor programmed to compare the boot block code 
stored in the first of the equal sized segments with the 
boot block code stored in the second of the equal sized 
segments to verify that the boot block code stored in the 
first of the equal sized segments and the boot block 
code stored in the second of the equal sized segments 
are identical; if so, said first of the equal sized segments 
being updated with updated code at least a portion of 
which includes the boot block code of the second of the 
equal sized segments. 

10. The apparatus of claim 9, wherein the first of the equal 
sized segments is initially set to a protected, non-writable 
state and is set to an unprotected, writable state after said 
processor determines that the boot block code in the first of 
the equal sized segments is the same as the boot block code 
stored in the second of the equal sized segments. 

11. The apparatus of claim 10, wherein the processor 
erases all information stored in the first of the equal sized 
segments after setting said first of the equal sized segments 
to an tmprotected, writable state. 

12. The apparatus of claim U, wherein said processor 
copies at least said boot block code from the second of the 
equal sized segments and further copies at least a portion of 
said other data from a location other than said second of the 
equal sized segments. 

13. A computer program product, comprising a computer 
usable medium having computer readable program code 
embodied therein, the computer readable program code in 
said computer program product comprising: 

a) first computer readable code for copying all code and 
data stored in a first writable segment of the computer 
usable medium into a second writable segment of the 
computer usable medium, the copied code and data 
including first boot block code; 

b) second computer readable code for validating the 
copied code and data in the second writable segment of 
the computer usable medium; 

c) third computer readable code for setting the first 
writable segment to a non-protected, writable state; 

d) fourth computer readable code for erasing all of the 
code and data stored in the first writable segment; 

e) fifth computer readable code for updating the first 
writable segment with updated code or data, the 
updated code or data including second boot block code; 

f) sixth computer readable code for comparing the first 
boot block code stored in the first writable segment 
with the second boot block code stored in the second 
writable segment, 

wherein, if tiie comparison by the sixth computer readable 
code is such that the second and first boot block codes 
respectively stored in the first and second rewritable 
segments are identical, setting the first rewritable seg- 
ment to the protected, non-writable state. 

14. A computer program product according to claim 13, 
further comprising: 

g) seventh computer readable code for setting and for 
resetting a boot-block-update flag, 
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wherein, if a reboot occurs while the booi-block-update 
flag is set, the computer is initialized using the first boot 
block code stored in the second rewritable segment and 
not from the second boot block code stored in the first 
rewritable segment. s 

15. A computer program product according to claim 13, 
wherein the first and second rewritable segments are seg- 
ments of a symmetrical flash memory which has only 
same-sized segments. 

16. A computer program product according to claim 13, lO 
wherein the first and second rewritable segments are rewrit- 
able by erasing all contents of the respective first and second 
segments, and then writing data to the respective erased first 
and second segments. 
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17. A computer program product according to claim 13, 
wherein the validating by the second computer readable 
code is performed by a byte -by-byte compare of data in the 
first and second segments. 

18. A computer program product according to claim 13, 
wherein the validating by the second computer readable 
code is performed by a check sum compare of data in the 
first and second segments. 

19. A computer program product according to claim 13, 
wherein the code or data stored with the first boot block code 
in the step a) is BIOS code, and wherein the updated code 
or data is updated BIOS code for replacing the BIOS code. 
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